Advertising

Latest patches attached. On top of previous patches (most review
matters addressed**) patches 0008..0011 add support for profiles and
user certificates to `ipa cert-request'.
** those that were not are being tracked at [1]; please add anything
I missed.
Some points to note:
- usercertificate is not yet a multi-valued attribute for users,
hosts and services.
QUESTION - we do want to allow multiple certificates for all
principal types, not just users? Or have I got that wrong.
- "DN and SAN match principal" checks are not implemented for users
yet.
- ACL was added to allow user principals to request their own
certificates, however, this will be further subject to CA/profile
ACLs which are to come.
- Pursuant to [2] revocation logic was removed from `cert-request'
[1] http://idm.etherpad.corp.redhat.com/rhel72-cert-mgmt-progress